Static analyzers are well known tools that provide information about computer software while applying only static considerations (i.e., without executing a computer software application). In one type of static analysis, information flows are traced within a computer software application from sources, being application programming interfaces (APIs) that introduce input into an application from external sources, such as user input, to sinks, being security-sensitive operations, such as operations that output information to users. Such flows are often identified by static analyzers as security risks that may require further analysis by a software developer and possibly corrective action. However, many such information flows may encounter one or more points within the application that validate or otherwise process data related to the information flow with the express purpose of eliminating the information flow as a security risk. One example of this relates to encrypting input received from external sources, such as user passwords or credit card numbers. It would be advantageous to automatically identify information flows that undergo such processing so as to reduce the need for further analysis by a software developer.